Network and Computer Security


Added on  2022/12/27

AI Summary
This document discusses network and computer security, with a case study of ACorp. It covers techniques for network isolation, network segregation, detecting unusual network activity, and network analysis techniques.
Running head: NETWORK AND COMPUTER SECURITY
NETWORK AND COMPUTER SECURITY: A Case Study of ACorp
Name of the Student:
Name of the University:
Author Note:
Task 1:
There are many techniques for isolating computer networks. When a network grows because of
expansion into cloud computing, as in the case of ACorp, the organization is advised to
implement virtualized network isolation based on NFV (Network Functions Virtualization). Every
tenant's resources should be isolated, and such isolation has two major requirements: first,
the services of one tenant must not be altered by another tenant's resources, either maliciously
or accidentally; second, the model should be economically feasible. DCPortals is a virtual
network structure that secures a network by providing traffic isolation in the datacenter
environment, based on an SDN solution. ACorp can use DCPortals to secure its large number of
computer networks. The following figure depicts the DCPortals architecture, which is applied as
a network hypervisor structure built on the POX SDN controller.
(Figure 1: DCPortal architecture)
Source: (Moraes, Nunes and Guedes 2014)
DCPortals: In DCPortals, virtual network abstraction gives a distinct view of logical
isolation between the many tenant networks that share the same infrastructure. DCPortals
interacts with OpenStack to query tenant data, and it also interacts with Open vSwitch to
identify the network isolation.
OpenStack: The OpenStack database holds all tenant data, such as the location of the tenant's
VMs, the tenant's virtual networks and the tenant's ID. In TVDc, clusters of resources and the
VMs that collaborate are known as Trusted Virtual Domains (TVDs). TVDs give hard isolation among
workloads by enforcing a Mandatory Access Control policy.
The basic operation of TVDc network isolation relies mainly on VLANs. These VLANs emulate
distinct physical LANs on a single physical local area network by means of suitable VLAN IDs.
Machines are able to connect to VLANs that have the same shared type. Thus, machines that have
the same shared type can communicate with one another, while machines that have different
shared types cannot. The following figure depicts the structure of TVDc network isolation.
Both PMs (physical machines) are connected to the network switch. The VMM in each PM restricts
the software of each VLAN to receiving and sending packets on that particular VLAN.
(Figure 2: Operational method of TVDc network isolation)
Source: (Montero et al. 2015)
Task 2:
Network segregation is the method of developing the network and introducing a new set of rules
to control communication among particular hosts and services. The aim of ACorp is to restrict
the level of access to sensitive data, services and hosts while ensuring that the company can
still operate its business effectively and efficiently (Sporns 2013).
There are different techniques ACorp can use to segregate a network, such as:
• Implementing demilitarized zones and gateways between the organization's networks, with
  different security at different layers:
   o Layer 3 devices, or routers, help to divide the large network into separate networks that
     restrict traffic flow using measures such as access control lists.
   o Routing protocols and virtualized networking, including VLANs and Virtual Routing and
     Forwarding, to segregate networks.
   o Virtual functions, containers and virtual machines to isolate activities of different
     threat levels.
   o Virtual hosts, cloud tenancies, virtual switching and managed security groups help to
     segregate applications, services and information.
   o Firewall software and host-based security are used to check network traffic at the
     host level.
   o Service and application authentication and authorization, such as multi-factor
     authentication and policy-based access controls.
   o Data diodes or one-way transfer appliances help to enforce the directionality of data
     flows in the networks.
• Implementing domain and server isolation using IPsec (Internet Protocol Security).
• Implementing storage-based segregation and filtering using technologies such as volume and
  Logical Unit Number masking (Ng et al. 2016).
• Implementing Cross Domain Solutions based on evaluated High Assurance items, or on other
  methods recommended by the Australian Cyber Security Centre (ACSC).
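The Layer 3 segregation described above, with routers restricting traffic between zones through access control lists, can be checked with a small rule evaluator. This is an added example, not part of the original essay; the zone names, subnets, ports and rules are constructed for illustration.

```python
import ipaddress

# Constructed zones; ACorp's real addressing is not given in the essay.
ZONES = {
    "dmz": ipaddress.ip_network("10.0.10.0/24"),
    "office": ipaddress.ip_network("10.0.20.0/24"),
    "database": ipaddress.ip_network("10.0.30.0/24"),
}

# Ordered rules: (action, source zone, destination zone, port or None for any).
# The explicit deny documents intent; unmatched traffic is dropped anyway.
ACL = [
    ("permit", "office", "dmz", 443),
    ("permit", "dmz", "database", 5432),
    ("deny", "office", "database", None),
]


def zone_of(addr):
    """Return the name of the zone containing addr, or None if it is unknown."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


def permitted(src, dst, port):
    """First matching rule wins; unmatched inter-zone traffic is denied."""
    s, d = zone_of(src), zone_of(dst)
    if s is None or d is None:
        return False
    if s == d:
        return True  # same segment: the router ACL is never consulted
    for action, rule_src, rule_dst, rule_port in ACL:
        if (rule_src, rule_dst) == (s, d) and rule_port in (None, port):
            return action == "permit"
    return False


def exposure(dst_zone, ports=(22, 443, 5432)):
    """List (source zone, port) pairs that can reach dst_zone, for review."""
    target = str(ZONES[dst_zone][10])
    return [(zone, port) for zone in ZONES if zone != dst_zone
            for port in ports if permitted(str(ZONES[zone][10]), target, port)]
```

Running exposure("database") lists every zone and port that can reach the sensitive segment, which is the set a reviewer compares against the intended segregation policy.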
Task 3:
Network activity that does not conform to accepted norms can indicate a hardware problem in
one or more of ACorp's network components. Problems of this type are caused by a network loop
or by too much traffic in the network. Unusual network activity is indicated by an LED on the
front of the switch, or it is measured through the switch console interface or by a network
management tool such as HP PCM+ (Ampe et al. 2016). The general problems caused by unusual
network activity, and the methods of detecting it, are as follows:
• The network operates and processes very slowly and clients cannot even access the
  services. This can be overcome as follows:
   o When configuring a port trunk, the ACorp user should finish configuring the ports in
     the trunk before connecting the related cables.
• Broadcast storms may be created by redundant links.
   o STP should be turned on, which will block the redundant links.
   o Check for FFI messages in the Event Log.
• Duplicate IP addresses
• Matching IP addresses in the DHCP network: ACorp uses a DHCP server that assigns IP
  addresses in the network. The server may hand out an IP address that is already in use. This
  is observed when a client does not release a DHCP-assigned IP address after the intended
  completion time and the server then leases the address again. One solution for this type of
  issue is to configure reservations on the DHCP server for particular IP addresses.
• The switch was configured for Bootp or DHCP operation but does not receive any Bootp or
  DHCP reply: Whenever a switch is configured for DHCP or Bootp, it automatically starts to
  send packets to the defined networks, and when it does not get any DHCP or Bootp reply it
  continues to send packets to the networks (Issac 2014). Thus, if the Bootp or DHCP server is
  not accessible to the switch when Bootp or DHCP is first configured, the switch does not
  receive the configuration.
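The duplicate-address condition described above can be detected by comparing the DHCP lease table with the IP-to-MAC pairs actually seen on the network. This is an added example, not part of the original essay; the lease table, the ARP sightings and the finding labels are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: DHCP lease table (ip -> mac) and ARP sightings (ip, mac).
LEASES = {
    "10.0.20.15": "aa:bb:cc:00:00:01",
    "10.0.20.16": "aa:bb:cc:00:00:02",
}
ARP_SIGHTINGS = [
    ("10.0.20.15", "aa:bb:cc:00:00:01"),
    ("10.0.20.16", "aa:bb:cc:00:00:02"),
    ("10.0.20.15", "AA-BB-CC-00-00-09"),  # second host answering for .15
    ("10.0.20.16", "AA:BB:CC:00:00:02"),  # same host, different notation
    ("10.0.20.40", "aa:bb:cc:00:00:07"),  # address in use without any lease
]


def norm_mac(mac):
    """Normalise MAC notation so one interface is not counted twice."""
    return mac.lower().replace("-", ":")


def find_conflicts(leases, sightings):
    """Return (ip, finding, offending MACs) for addresses that need attention."""
    seen = defaultdict(set)
    for ip, mac in sightings:
        seen[ip].add(norm_mac(mac))
    findings = []
    for ip, macs in sorted(seen.items()):
        holder = norm_mac(leases[ip]) if ip in leases else None
        if len(macs) > 1:
            # Two interfaces claim one address: report those without the lease.
            findings.append((ip, "duplicate", sorted(macs - {holder})))
        elif holder is None:
            findings.append((ip, "no-lease", sorted(macs)))
        elif macs != {holder}:
            findings.append((ip, "not-lease-holder", sorted(macs)))
    return findings
```

Addresses reported as "duplicate" or "no-lease" are candidates for the DHCP reservations recommended above.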
Task 4:
Splunk Inc. is an American public corporation in San Francisco, California, which produces
software to search, analyze and monitor machine-generated big data through a web-style
interface. It was founded by Michael Baum and delivers products such as Splunk Cloud, Splunk
Enterprise and Splunk Light (Zadrozny and Kodali 2013). Splunk technology will help ACorp to
log unusual traffic activity. It provides ACorp with several methods for logging unusual
network activity:
• Analyze and study network performance and traffic: Network devices should be monitored
  for performance and traffic. Splunk identifies the root cause of a slow network
  automatically and immediately. It provides tools that give detailed bandwidth analysis and
  performance monitoring through SNMP monitoring. Splunk technology allows the organization
  to detect, diagnose and resolve unusual network activity.
• Finding the bandwidth-hogging applications: When the organization's network becomes slow,
  Splunk technology immediately checks how bandwidth is being used. It checks the amount of
  bandwidth used by every client of ACorp. Splunk technology leverages the IPFIX, NetStream,
  sFlow, J-Flow and NetFlow information that is built into many routers to locate the
  applications, protocols and users that are consuming the organization's bandwidth
  (Miller 2014).
• Validate the network traffic prioritization policies: As ACorp's business operations rely
  on VoIP, cloud-based applications and e-commerce, the organization should ensure that
  bandwidth is prioritized. Splunk technology allows ACorp to analyze the effect of a policy
  by comparing pre- and post-policy traffic rates.
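The bandwidth-hog search and the pre- and post-policy comparison described above both reduce to aggregating flow records by host or application. This is an added example, not part of the original essay and not Splunk's own query language; the flow records, the port-to-application mapping and the 50% threshold are constructed for illustration.

```python
from collections import Counter

# Constructed flow records: (source host, destination port, bytes). A real NetFlow,
# IPFIX or sFlow export carries more fields; these three are enough for the idea.
PORT_APP = {5060: "voip", 443: "web", 445: "file-share"}

BEFORE_POLICY = [
    ("10.0.20.11", 443, 120_000), ("10.0.20.12", 5060, 40_000),
    ("10.0.20.13", 445, 800_000), ("10.0.20.11", 5060, 40_000),
]
AFTER_POLICY = [
    ("10.0.20.11", 443, 120_000), ("10.0.20.12", 5060, 40_000),
    ("10.0.20.13", 445, 200_000), ("10.0.20.11", 5060, 40_000),
]


def share_by(flows, key):
    """Fraction of total bytes per key; key is 'host' or 'app'."""
    totals = Counter()
    for src, port, nbytes in flows:
        name = src if key == "host" else PORT_APP.get(port, f"port-{port}")
        totals[name] += nbytes
    grand = sum(totals.values())
    return {name: count / grand for name, count in totals.items()} if grand else {}


def hogs(flows, key, threshold=0.5):
    """Keys consuming more than `threshold` of observed bytes, largest first."""
    shares = share_by(flows, key)
    return sorted((name for name, share in shares.items() if share > threshold),
                  key=lambda name: -shares[name])


def policy_effect(before, after, app):
    """Change in an application's share of traffic once a policy is applied."""
    return share_by(after, "app").get(app, 0.0) - share_by(before, "app").get(app, 0.0)
```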
Task 5:
Network analysis is the method of capturing network traffic and inspecting it closely to find
out what is happening on the network. ACorp can use two types of network analysis technique,
namely router based and non-router based (Anderson and Vongpanitlerd 2013). Analysis methods
that do not require any additional hardware or software are known as router based network
analysis techniques, while those that require extra hardware and software are known as
non-router based network analysis techniques.
Router based analysis techniques:
These techniques are hard-coded in the routers and offer flexibility in the network. There
are different router based analysis techniques, such as:
• SNMP (Simple Network Monitoring Protocol): SNMP is an application-layer protocol that is
  part of the TCP/IP protocol suite. It helps ACorp to manage the performance of the network,
  locate and solve network issues, and plan the development of the organizational network.
  There are two versions of SNMP, SNMP1 and SNMP2. SNMP consists of three primary
  components: Handled Agents, Network Management Systems (NMSs) and devices.
(Figure 3: Components of SNMP)
Source: (A Summary of Network Traffic Monitoring and Analysis Techniques 2019)
• Remote Monitoring (RMON): RMON enables the organization's different network monitors and
  systems to exchange the data used for network monitoring. It acts as an extension of the
  SNMP Management Information Database (MIB). RMON sets alarms that allow ACorp officials to
  monitor the network. Thus, RMON helps administrators to control both local and remote
  networks from a central location. Its two versions are RMON and RMON2. RMON consists of
  two primary components in its environment.
(Figure 4: Components of RMON)
Source: (A Summary of Network Traffic Monitoring and Analysis Techniques 2019)
• Netflow RFC: Netflow is a feature developed on Cisco routers that makes it possible to
  collect IP network traffic as it enters an interface. ACorp's network administrator can
  determine the source and destination of the traffic, the cause of congestion and the class
  of service. Netflow comprises three elements: Data Analyzer, Flow Collector and Flow
  Caching.
(Figure 6: Netflow RFC)
Source: (A Summary of Network Traffic Monitoring and Analysis Techniques 2019)
Non Router Based techniques:
• Active Monitoring: It transmits probes into the organization's network, which allows ACorp
  to collect measurements between two endpoints of the network. It deals with availability,
  packet inter-arrival jitter, packet loss, bandwidth measurements, routes and so on. Tools
  such as ping are used to measure delay and loss of information and to locate routes.
(Figure 7: Active Monitoring)
Source: (A Summary of Network Traffic Monitoring and Analysis Techniques 2019)
• Passive Monitoring: It does not add any extra traffic to the network. It collects the data
  from one point of the network, which is calculated between two endpoints. ACorp can achieve
  passive monitoring with the help of packet sniffing.
(Figure 8: Passive Monitoring)
Source: (A Summary of Network Traffic Monitoring and Analysis Techniques 2019)
• Combinational Monitoring: It includes watching the resources from the edge of the network
  and SCNM (Self Configuring Network Monitor).
Reference List:
A Summary of Network Traffic Monitoring and Analysis Techniques (2019). A Summary of
Network Traffic Monitoring and Analysis Techniques. [ebook] cse.wustl, p.9.
Ampe, L., Ma, N., Van Hoeck, N., Vandekerckhove, M. and Van Overwalle, F., 2014. Unusual
actions do not always trigger the mentalizing network. Neurocase, 20(2), pp.144-149.
Anderson, B.D. and Vongpanitlerd, S., 2013. Network analysis and synthesis: a modern systems
theory approach. Courier Corporation.
Issac, B., 2014. Secure ARP and secure DHCP protocols to mitigate security attacks. arXiv
preprint arXiv:1410.4398.
Miller, J., 2014. Mastering Splunk. Packt Publishing Ltd.
Montero, D., Yannuzzi, M., Shaw, A., Jacquin, L., Pastor, A., Serral-Gracia, R., Lioy, A., Risso,
F., Basile, C., Sassu, R. and Nemirovsky, M., 2015. Virtualized security at the network edge: a
user-centric approach. IEEE Communications Magazine, 53(4), pp.176-186.
Moraes, H., Nunes, R.V. and Guedes, D., 2014. DCPortalsNg: Efficient isolation of tenant
networks in virtualized datacenters. Proc. 13th ICN.
Ng, K.K., Lo, J.C., Lim, J.K., Chee, M.W. and Zhou, J., 2016. Reduced functional segregation
between the default mode network and the executive control network in healthy older adults: a
longitudinal study. Neuroimage, 133, pp.321-330.
Sporns, O., 2013. Network attributes for segregation and integration in the human brain. Current
opinion in neurobiology, 23(2), pp.162-171.
Zadrozny, P. and Kodali, R., 2013. Big data analytics using Splunk: Deriving operational
intelligence from social media, machine data, existing data warehouses, and other real-time
streaming sources. Apress.